CN106161359B - Method and device for authenticating a user, and method and device for registering a wearable device - Google Patents

Info

Publication number: CN106161359B
Authority: CN (China)
Prior art keywords: user, server, wearable device, key, terminal
Legal status: Active
Application number: CN201510155552.4A
Other languages: Chinese (zh)
Other versions: CN106161359A (en)
Inventor: 蒋龙
Current Assignee: Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Original Assignee: Alibaba Group Holding Ltd
Application filed by: Alibaba Group Holding Ltd
Related applications and publications:
  CN201910718095.3A (CN110417797B)
  CN201510155552.4A (CN106161359A, CN106161359B)
  JP2017551677A (JP6646341B2)
  PL16771252T (PL3280090T3)
  PCT/CN2016/076415 (WO2016155497A1)
  SG11201708032TA (SG11201708032TA)
  ES16771252T (ES2820554T3)
  EP16771252.0A (EP3280090B1)
  SG10202004393SA (SG10202004393SA)
  KR1020177031906A (KR102242218B1)
  US15/719,274 (US10587418B2)
  US16/813,613 (US10873573B2)

Abstract

The application provides a method for authenticating a user, applied on a server that stores the correspondence between a user's user identifier, wearable device identifier and server authentication key. The method includes: receiving an authentication request sent by the user through a terminal, the authentication request carrying the user's user identifier and/or wearable device identifier; obtaining downlink authentication information, and issuing to the terminal a detection instruction that carries the downlink authentication information and the user's wearable device identifier; receiving a detection response returned by the terminal that carries uplink authentication information, where the uplink authentication information is generated by the wearable device specified in the detection instruction from the device authentication key and the downlink authentication information, and the device authentication key is identical to or corresponds to the server authentication key; and matching the downlink authentication information against the uplink authentication information using the user's server authentication key, the user passing authentication if the match succeeds. The technical solution of the application reduces the burden on users and improves the efficiency with which users obtain network services.

Description

Method and device for authenticating a user, and method and device for registering a wearable device
Technical field
This application relates to the field of Internet technologies, and in particular to a method and device for authenticating a user and a method and device for registering a wearable device.
Background
With the rapid development of Internet technology, users complete more and more activities over the network, such as office work, entertainment, shopping and financial management. Users usually obtain these services from multiple service providers. A user registers on the server of each service provider and must provide an account and password to the server every time a service is obtained, so that the server can authenticate the user and provide the corresponding service.
For security reasons, users should avoid using the same account and password at multiple service providers as far as possible. As the number of services a user wants grows, remembering the account and corresponding password at each service provider becomes an increasingly heavy burden. Meanwhile, as network services reach further into every aspect of life, users constantly need to enter accounts and passwords to complete authentication, which is cumbersome and reduces the efficiency of obtaining network services.
Summary of the invention
In view of this, the application provides a method for authenticating a user, applied on a server that stores the correspondence between a user's user identifier, wearable device identifier and server authentication key, the method comprising:
receiving an authentication request sent by the user through a terminal, the authentication request carrying the user's user identifier and/or wearable device identifier;
obtaining downlink authentication information, and issuing to the terminal a detection instruction carrying the downlink authentication information and the user's wearable device identifier;
receiving a detection response returned by the terminal that carries uplink authentication information, the uplink authentication information being generated by the wearable device specified in the detection instruction from the device authentication key and the downlink authentication information, the device authentication key being identical to or corresponding to the server authentication key;
matching the downlink authentication information against the uplink authentication information using the user's server authentication key; if the match succeeds, the user passes authentication.
The application provides a method for authenticating a user, applied on a terminal to which the user's wearable device is connected, the method comprising:
sending an authentication request to the server in response to a user operation, the authentication request carrying the user's user identifier and/or wearable device identifier;
receiving a detection instruction from the server, the detection instruction carrying downlink authentication information and a wearable device identifier;
sending the downlink authentication information to the wearable device specified in the detection instruction, and receiving the uplink authentication information returned by the wearable device; the uplink authentication information is generated by the wearable device from its stored device authentication key and the downlink authentication information, the device authentication key being identical to or corresponding to the server authentication key stored on the server;
sending to the server a detection response carrying the uplink authentication information;
receiving the user authentication result determined by the server from the uplink authentication information, the downlink authentication information and the server authentication key.
The application provides a method for registering a wearable device, applied on a server, comprising:
receiving a wearable device registration request sent by a user through a terminal, the registration request carrying the user's user identifier and wearable device identifier;
obtaining the user's server authentication key and device authentication key, and issuing to the terminal a write instruction carrying the device authentication key and the user's wearable device identifier;
receiving the write response returned by the terminal; if the write response shows that the device authentication key has been successfully stored in the wearable device specified in the write instruction, saving the correspondence between the user's user identifier, wearable device identifier and server authentication key.
The application provides a method for registering a wearable device, applied on a terminal, comprising:
sending a wearable device registration request to the server in response to a user operation, the registration request carrying the user's user identifier and wearable device identifier;
receiving a write instruction from the server, the write instruction carrying the device authentication key and the user's wearable device identifier;
performing the operation of writing the device authentication key to the wearable device specified in the write instruction;
sending a write response to the server, the write response carrying a message indicating whether the device authentication key was written successfully.
The application also provides a device for authenticating a user, applied on a server that stores the correspondence between a user's user identifier, wearable device identifier and server authentication key, the device comprising:
an authentication request receiving unit, for receiving an authentication request sent by the user through a terminal, the authentication request carrying the user's user identifier and/or wearable device identifier;
a detection instruction issuing unit, for obtaining downlink authentication information and issuing to the terminal a detection instruction carrying the downlink authentication information and the user's wearable device identifier;
a detection response receiving unit, for receiving a detection response returned by the terminal that carries uplink authentication information, the uplink authentication information being generated by the wearable device specified in the detection instruction from the device authentication key and the downlink authentication information, the device authentication key being identical to or corresponding to the server authentication key;
a matching unit, for matching the downlink authentication information against the uplink authentication information using the user's server authentication key; if the match succeeds, the user passes authentication.
The application provides a device for authenticating a user, applied on a terminal to which the user's wearable device is connected, the device comprising:
an authentication request sending unit, for sending an authentication request to the server in response to a user operation, the authentication request carrying the user's user identifier and/or wearable device identifier;
a detection instruction receiving unit, for receiving a detection instruction from the server, the detection instruction carrying downlink authentication information and a wearable device identifier;
an uplink authentication information unit, for sending the downlink authentication information to the wearable device specified in the detection instruction and receiving the uplink authentication information returned by the wearable device; the uplink authentication information is generated by the wearable device from its stored device authentication key and the downlink authentication information, the device authentication key being identical to or corresponding to the server authentication key stored on the server;
a detection response sending unit, for sending to the server a detection response carrying the uplink authentication information;
an authentication result receiving unit, for receiving the user authentication result determined by the server from the uplink authentication information, the downlink authentication information and the server authentication key.
The application provides a device for registering a wearable device, applied on a server, comprising:
a registration request receiving unit, for receiving a wearable device registration request sent by a user through a terminal, the registration request carrying the user's user identifier and wearable device identifier;
a write instruction issuing unit, for obtaining the user's server authentication key and device authentication key and issuing to the terminal a write instruction carrying the device authentication key and the user's wearable device identifier;
a write response receiving unit, for receiving the write response returned by the terminal; if the write response shows that the device authentication key has been successfully stored in the wearable device specified in the write instruction, the correspondence between the user's user identifier, wearable device identifier and server authentication key is saved.
The application provides a device for registering a wearable device, applied on a terminal, comprising:
a registration request sending unit, for sending a wearable device registration request to the server in response to a user operation, the registration request carrying the user's user identifier and wearable device identifier;
a write instruction receiving unit, for receiving a write instruction from the server, the write instruction carrying the device authentication key and the user's wearable device identifier;
a write operation execution unit, for performing the operation of writing the device authentication key to the wearable device specified in the write instruction;
a write response sending unit, for sending a write response to the server, the write response carrying a message indicating whether the device authentication key was written successfully.
The application provides a payment method, comprising:
receiving a payment request sent by a user through a payment client, the payment request carrying the user's user identifier and/or wearable device identifier;
obtaining downlink authentication information, and issuing to the payment client an authentication instruction that includes the downlink authentication information and the wearable device identifier;
receiving authentication response information returned by the payment client that carries uplink authentication information, the uplink authentication information being generated by the wearable device specified in the authentication instruction from the device authentication key and the downlink authentication information, the device authentication key being identical to or corresponding to the server authentication key;
matching the downlink authentication information against the uplink authentication information using the user's server authentication key; if the match succeeds, the user passes authentication, and the payment operation is carried out after authentication passes.
The application provides a payment method, comprising:
in response to a payment operation by a user on a payment client, sending a payment request to the server, the payment request carrying the user's user identifier and/or wearable device identifier;
receiving an authentication instruction issued by the server that includes downlink authentication information and a wearable device identifier, and sending the downlink authentication information to the wearable device, so that the wearable device generates uplink authentication information from its own stored device authentication key and the downlink authentication information;
receiving the uplink authentication information returned by the wearable device and sending it to the server, so that the server authenticates the user according to the uplink authentication information and carries out the payment operation after authentication passes.
The application provides a payment method for a wearable device, comprising:
receiving payment authentication information sent by a payment client, the payment authentication information including downlink authentication information issued by the server in response to the user's payment request sent by the payment client;
generating uplink authentication information from the stored device authentication key and the downlink authentication information, and sending the uplink authentication information to the payment client, so that the payment client sends the uplink authentication information to the server, and the server can authenticate the user based on the uplink authentication information and carry out the payment operation after authentication passes.
The application provides a payment device, comprising:
a payment request receiving unit, for receiving a payment request sent by a user through a payment client, the payment request carrying the user's user identifier and/or wearable device identifier;
an authentication instruction issuing unit, for obtaining downlink authentication information and issuing to the payment client an authentication instruction that includes the downlink authentication information and the wearable device identifier;
an authentication response receiving unit, for receiving authentication response information returned by the payment client that carries uplink authentication information, the uplink authentication information being generated by the wearable device specified in the authentication instruction from the device authentication key and the downlink authentication information, the device authentication key being identical to or corresponding to the server authentication key;
a payment matching unit, for matching the downlink authentication information against the uplink authentication information using the user's server authentication key; if the match succeeds, the user passes authentication, and the payment operation is carried out after authentication passes.
The application provides a payment device, comprising:
a payment request sending unit, for sending a payment request to the server in response to a payment operation by a user on a payment client, the payment request carrying the user's user identifier and/or wearable device identifier;
an authentication instruction receiving unit, for receiving an authentication instruction issued by the server that includes downlink authentication information and a wearable device identifier, and sending the downlink authentication information to the wearable device, so that the wearable device generates uplink authentication information from its own stored device authentication key and the downlink authentication information;
an authentication response sending unit, for receiving the uplink authentication information returned by the wearable device and sending it to the server, so that the server authenticates the user according to the uplink authentication information and carries out the payment operation after authentication passes.
The application also provides a payment device for a wearable device, comprising:
a payment authentication information receiving unit, for receiving payment authentication information sent by a payment client, the payment authentication information including downlink authentication information issued by the server in response to the user's payment request sent by the payment client;
an uplink authentication information generation unit, for generating uplink authentication information from the stored device authentication key and the downlink authentication information, and sending the uplink authentication information to the payment client, so that the payment client sends the uplink authentication information to the server, and the server can authenticate the user based on the uplink authentication information and carry out the payment operation after authentication passes.
As the above technical solutions show, the embodiments of the application set a server authentication key on the server and a device authentication key on the wearable device. Through interaction with the terminal, the server uses the server authentication key and the device authentication key to authenticate the specified wearable device, and thereby completes authentication of the user corresponding to that wearable device. The user does not need to remember an account and password or enter them during authentication, which reduces the burden on the user and improves the efficiency with which the user obtains network services.
Brief description of the drawings
Fig. 1 is a network structure diagram of an application scenario of the application;
Fig. 2 is a flowchart of a method for authenticating a user, applied on a server, in an embodiment of the application;
Fig. 3 is a flowchart of a method for authenticating a user, applied on a terminal, in an embodiment of the application;
Fig. 4 is a flowchart of a method for registering a wearable device, applied on a server, in an embodiment of the application;
Fig. 5 is a flowchart of a method for registering a wearable device, applied on a terminal, in an embodiment of the application;
Fig. 6 is a hardware structure diagram of a server, wearable device or terminal;
Fig. 7 is a logical structure diagram of a device for authenticating a user, applied on a server, in an embodiment of the application;
Fig. 8 is a logical structure diagram of a device for authenticating a user, applied on a terminal, in an embodiment of the application;
Fig. 9 is a logical structure diagram of a device for registering a wearable device, applied on a server, in an embodiment of the application;
Fig. 10 is a logical structure diagram of a device for registering a wearable device, applied on a terminal, in an embodiment of the application.
Specific embodiment
A wearable device is a portable device that can be worn by the user or integrated into the user's clothing or accessories, such as a bracelet, smart watch, smart shoes, smart clothing, smart glasses, smart helmet or smart ring. A wearable device has some computing capability and can connect through a hardware interface or a wireless local area network to terminals such as smartphones, tablet computers and personal computers, implementing various functions by exchanging data with the terminal.
A wearable device usually belongs exclusively to one user, and some wearable devices can be worn by the user anytime and anywhere; to a certain extent, such a wearable device represents the user. The embodiments of the present application propose a method for authenticating a user that uses the storage and computing functions of the wearable device to authenticate the user, so that the user no longer needs to remember and frequently enter an account and password, thereby solving the problems in the prior art.
A network environment to which the embodiments of the present application apply is shown in Fig. 1. The wearable device accesses the terminal through a hardware interface or a wireless local area network. The hardware interface may be an audio interface, a USB (Universal Serial Bus) interface, etc.; the wireless local area network may be Bluetooth, Wi-Fi (Wireless Fidelity), ZigBee, etc.; the terminal may be a smartphone, tablet computer, personal computer, etc. The terminal communicates with the server over a communication network (such as the Internet and/or a mobile communication network); the user initiates access to the server at the terminal, and the server authenticates the user. The embodiments of the present application place no limitation on the type of terminal, the hardware interface or wireless LAN protocol by which the wearable device accesses the terminal, the protocol and networking structure of the communication network, or the specific implementation of the server.
In one embodiment of the present application, the flow of the method for authenticating a user on the server is shown in Fig. 2, and the flow on the terminal is shown in Fig. 3.
In this embodiment, the server stores the correspondence among the user's user identifier, wearable device identifier and server authentication key. The user identifier is the unique identity that distinguishes a user from other users for the server, such as a user name or a registered mailbox; if the user is bound to a mobile terminal, it may also be the bound mobile terminal number, the IMEI (International Mobile Equipment Identity), etc. The wearable device identifier uniquely represents the wearable device; it differs according to the specific device type and the wireless LAN protocol used, and usually may be the hardware address of the wearable device, such as a MAC (Media Access Control) address. The server authentication key is stored on the server and, depending on the encryption algorithm that uses it, is identical to or corresponds to the device authentication key stored on the wearable device. The wearable device identifiers and server authentication keys stored on the server are in one-to-one correspondence; if a user may have more than one wearable device for authentication, one user identifier may correspond to two or more wearable device identifiers and server authentication keys. It should also be noted that the correspondence among user identifier, wearable device identifier and server authentication key may be stored locally on the server, or in other storage devices accessible to the server, such as a disk array of a storage area network or a cloud storage network; this embodiment imposes no limitation.
On the terminal, step 310: send an authentication request to the server according to the user's operation, the authentication request carrying the user identifier and/or wearable device identifier of the user.
On the server, step 210: receive the authentication request sent by the user through the terminal.
When the user, at the terminal, requests from the server a service that requires identity authentication (such as logging in, accessing a personal account or making a payment), the server requires from the terminal the information needed to authenticate the user. The terminal sends an authentication request to the server; the authentication request carries the user identifier of the user, or the wearable device identifier of the user, or both the user identifier and the wearable device identifier of the user.
After the server receives the terminal's authentication request, it can determine from the user identifier and/or wearable device identifier in the request which user is requesting authentication.
On the server, step 220: obtain downlink authentication information, and issue to the terminal a detection instruction carrying the downlink authentication information and the wearable device identifier of the user.
The downlink authentication information may be a piece of authentication data, or the ciphertext obtained by encrypting authentication data with the server authentication key stored on the server. The server may obtain the authentication data in any manner, for example by random generation or by extracting a certain number of bytes from some file or picture; the server may generate the authentication data locally or obtain it from other servers; this embodiment imposes no limitation.
After receiving the terminal's authentication request, the server extracts the user identifier and/or wearable device identifier from the authentication request and checks whether the stored correspondence among user identifier, wearable device identifier and server authentication key includes that identifier. If it does not, or if the user identifier and the wearable device identifier in the authentication request do not belong to the same user, the server rejects the terminal's authentication request. Otherwise the server obtains authentication data. For plaintext downlink authentication information, the server encapsulates the authentication data and the wearable device identifier of the user in a detection instruction and issues it to the terminal. For ciphertext downlink authentication information, the server encrypts the authentication data with the server authentication key corresponding to the user identifier or wearable device identifier in the authentication request to generate the downlink authentication information, encapsulates the downlink authentication information and the wearable device identifier of the user in a detection instruction, and issues it to the terminal.
On the terminal, step 320: receive the detection instruction from the server, the detection instruction carrying the downlink authentication information and the wearable device identifier.
On the terminal, step 330: send the downlink authentication information to the wearable device specified in the detection instruction, and receive the uplink authentication information returned by that wearable device; the uplink authentication information is generated by the wearable device from the stored device authentication key and the downlink authentication information.
The terminal receives the detection instruction from the server, extracts the wearable device identifier and the downlink authentication information from it, and sends the downlink authentication information to the wearable device specified in the detection instruction (that is, the wearable device that has the wearable device identifier in the detection instruction). If the wearable device specified in the detection instruction has not yet accessed the terminal, the terminal first needs to complete the connection with the wearable device according to the wireless LAN protocol that the wearable device supports.
As mentioned above, the wearable device specified by the server stores a device authentication key that is identical to or corresponds to the server authentication key. After the wearable device receives the downlink authentication information: for plaintext downlink authentication information, the wearable device encrypts the downlink authentication information with the device authentication key to generate ciphertext uplink authentication information; for ciphertext downlink authentication information, the wearable device decrypts the downlink authentication information with the device authentication key to generate plaintext uplink authentication information. Plaintext downlink authentication information thus corresponds to ciphertext uplink authentication information, and ciphertext downlink authentication information corresponds to plaintext uplink authentication information. The wearable device returns the uplink authentication information to the terminal.
On the terminal, step 340: send a detection response carrying the uplink authentication information to the server.
After the terminal receives the uplink authentication information returned by the wearable device, it encapsulates the uplink authentication information in a detection response and sends it to the server. The detection response usually also carries the wearable device identifier.
On the server, step 230: receive the detection response, carrying the uplink authentication information, returned by the terminal.
On the server, step 240: match the downlink authentication information and the uplink authentication information using the server authentication key of the user; if the match succeeds, the user passes authentication.
The server receives the detection response returned by the terminal, extracts the uplink authentication information from it, and uses the server authentication key of the user to judge whether the uplink authentication information and the downlink authentication information match, thereby determining the authentication result for the user. Specifically, for plaintext uplink authentication information, the uplink authentication information can be compared with the authentication data that was used to generate the ciphertext, or the uplink authentication information can be encrypted with the server authentication key and then compared with the downlink authentication information; if they are the same the user passes authentication, otherwise authentication fails. For ciphertext uplink authentication information, it can be decrypted with the server authentication key and then compared with the downlink authentication information; if they are the same the user passes authentication, otherwise authentication fails.
The server returns to the terminal the authentication result indicating whether the user has passed authentication.
On the terminal, step 350: receive the user authentication result that the server determined from the uplink authentication information, the downlink authentication information and the server authentication key.
In this embodiment, an identical or corresponding server authentication key and device authentication key are set on the server and on the wearable device. Through interaction with the terminal, the server uses the device authentication key stored on the wearable device and the server authentication key stored on the server to authenticate the specified wearable device, and thereby completes authentication of the user corresponding to that wearable device. The user does not need to remember an account and password, and does not need to enter them during authentication, which reduces the burden on the user and improves the efficiency with which the user obtains network services.
In one implementation, the user public key of the user can be stored on the server and the user private key of the user stored on the terminal. Different user identifiers use different user public keys and user private keys; the user public key and user private key are a key pair in asymmetric cryptography. The user public key stored on the server corresponds to the user identifier, wearable device identifier and server authentication key of the user. In this implementation, the terminal uses the stored user private key to sign the data carried in the detection response (which includes the uplink authentication information and may also include other data such as the wearable device identifier and user identifier) and sends the signed detection response to the server. The server verifies the signature on the detection response with the user public key of the user; if verification passes, step 240 is executed to match the uplink authentication information and the downlink authentication information; if signature verification fails, the terminal is notified that authentication has failed. This implementation requires that the terminal a user accesses when authenticating with the wearable device holds the user private key of that user, which can achieve better security.
In addition, a terminal identifier can be added to the correspondence among user identifier, wearable device identifier and server authentication key stored on the server, in order to restrict which terminals can perform user authentication through an accessing wearable device. In this case, the server stores the correspondence among the user's user identifier, wearable device identifier, server authentication key and terminal identifier, and the terminal carries its own terminal identifier in the authentication request sent to the server. After receiving the authentication request, the server looks up in the stored correspondence the terminal identifier that corresponds to the user identifier or wearable device identifier in the authentication request and compares it with the terminal identifier of the terminal that sent the authentication request. If they are the same, step 220 is executed to continue the authentication process; if they differ, the terminal's authentication request is rejected and user authentication fails. This implementation is equivalent to binding the wearable device to the terminal that can perform user authentication through that wearable device. Since a terminal (especially a mobile terminal) generally also belongs exclusively to one user, binding the wearable device and the terminal can greatly increase the security of user authentication.
The above authentication process in this embodiment is applicable to any scenario that authenticates user identity, such as user identity authentication at login, identity authentication when the user accesses a personal account, and identity authentication when the user pays through a third-party payment platform. After the user passes authentication, the server can provide the follow-up service under that scenario, and the terminal performs the subsequent operations under that scenario. For example, when this embodiment is used for identity authentication in a payment scenario, the authentication request that the terminal sends to the payment server is a payment request; after the user passes authentication, the payment server can provide the payment service to the authenticated user; and the terminal, after receiving the server's authentication result indicating that the user has passed authentication, can cooperate with the payment server to complete the user's payment operation.
In this embodiment, the correspondence among the user's user identifier, wearable device identifier and server authentication key can be preset on the server, and the corresponding device authentication key preset on the wearable device. Alternatively, before the above authentication process, a registration process can first be used to generate the above correspondence on the server and to write the device authentication key to the wearable device.
Another embodiment of the present application provides a method for registering a wearable device. The flow of this method on the server is shown in Fig. 4, and the flow on the terminal is shown in Fig. 5.
On the terminal, step 510: send a wearable device registration request to the server according to the user's operation.
On the server, step 410: receive the wearable device registration request sent by the user through the terminal.
The user registers the wearable device with the server at the terminal. According to the user's operation, the terminal sends a wearable device registration request to the server; the registration request includes the user identifier and the wearable device identifier of the user.
On the server, step 420: obtain the server authentication key and the device authentication key of the user, and issue to the terminal a write instruction carrying the device authentication key and the wearable device identifier of the user.
After receiving the terminal's wearable device registration request, the server obtains, according to the encryption algorithm used for the uplink authentication information or downlink authentication information in the authentication process, the server authentication key and device authentication key for that encryption algorithm that correspond to the wearable device identifier. The server authentication key and device authentication key may be a single key (such as the key of a symmetric encryption algorithm) or a key pair (such as the public key and private key of an asymmetric encryption algorithm). The server may generate the server authentication key and device authentication key itself, or obtain them from other servers.
The server encapsulates the obtained device authentication key and the corresponding wearable device identifier in a write instruction and sends it to the terminal.
On the terminal, step 520: receive the write instruction from the server, the write instruction carrying the device authentication key and the wearable device identifier of the user.
On the terminal, step 530: perform the operation of writing the device authentication key to the wearable device specified in the write instruction.
After the terminal receives the write instruction from the server, it sends the device authentication key in the write instruction to the wearable device and requests the wearable device to store the device authentication key. Depending on the wearable device and its permission settings, the user may need to confirm the write operation before the wearable device can complete storage of the device authentication key. For a bracelet, for example, the user usually needs to tap to confirm.
On the terminal, step 540: send a write response to the server, the write response carrying a message indicating whether writing the device authentication key succeeded. After the terminal completes the write operation with the wearable device, it encapsulates the message indicating whether the write succeeded in the write response and sends it to the server.
On the server, step 430: receive the write response returned by the terminal. If the write response shows that the device authentication key has been successfully stored in the wearable device specified in the write instruction, the server saves the correspondence among the user identifier, wearable device identifier and server authentication key of the user, and the wearable device is registered successfully; if the message carried in the write response is that writing the device authentication key was unsuccessful, the registration process fails. The server sends the registration result to the terminal.
The server can require the terminal to provide the user's password in order to increase the security of wearable device registration. Specifically, the server receives the write response from the terminal; if the message carried in the write response is that the device authentication key was successfully stored in the wearable device, the server issues a password confirmation request to the terminal, requiring the terminal to provide the password of the user identifier that corresponds to the wearable device identifier. The terminal receives the password confirmation request from the server and returns the user password entered by the user to the server in a password confirmation response. The server receives the password confirmation response carrying the user password; if the user password is correct, the server saves the correspondence among the user identifier, wearable device identifier and server authentication key of the user, and the wearable device is registered successfully; if the user password is wrong, the server rejects the terminal's registration request and registration fails. The server sends the registration result to the terminal.
In one implementation, the user public key and user private key of the user can be generated automatically during registration. Specifically, after the terminal successfully writes the device authentication key to the wearable device, the terminal generates the user private key and user public key of the user according to a certain algorithm, stores the generated user private key locally, and sends the user public key to the server encapsulated in the write response. After the terminal has successfully written the device authentication key to the wearable device, or after the user password has been verified as correct, the server saves the correspondence among the user identifier, wearable device identifier, server authentication key and user public key of the user.
In some application scenarios, a server public key and a server private key are preset on the server, and a terminal private key and a terminal public key are preset on the terminal, where the server public key and the terminal private key are one key pair, and the server private key and the terminal public key are another key pair. In these scenarios, in the authentication method embodiment, the server can sign the detection instruction with the stored server private key and send the signed detection instruction to the terminal; the terminal verifies the signature on the received detection instruction with the stored terminal public key, and if verification fails it rejects the detection instruction and authentication fails. In the registration method embodiment, the server can sign the write instruction with the stored server private key and send the signed write instruction to the terminal; the terminal verifies the signature on the received write instruction with the stored terminal public key, and if verification fails it rejects the write instruction and registration fails. The terminal can sign the write response with the stored terminal private key and send the signed write response to the server; the server verifies the signature on the received write response with the stored server public key, and if verification fails it rejects the terminal's registration request.
The server and the terminal can communicate over an encrypted channel to further improve the security of wearable device registration and user authentication. For example, the detection instruction and detection response in the authentication method embodiment, and the write instruction and write response in the registration method embodiment, can be transmitted over the encrypted channel. For the implementation of the encrypted channel and the encryption method used, refer to the prior art; details are not repeated here.
In one embodiment of the present application, a payment client running on the terminal uses a wearable device that has accessed the terminal to authenticate user identity during payment. The detailed flow of this embodiment is as follows:
On the wearable device, a payment binding request from the payment client is received; the payment binding request includes the device authentication key of the wearable device. In response to the payment binding request issued by the user through the payment client, the wearable device stores the device authentication key carried in the payment binding request in local storage;
When the user performs a payment operation on the payment client and selects payment by wearable device, this triggers the payment client's response to that user operation: a payment request is sent to the server, carrying the user identifier and/or wearable device identifier of the user;
After the server receives the payment request sent by the user through the payment client, it obtains downlink authentication information and issues to the payment client an authentication instruction that includes the downlink authentication information and the wearable device identifier;
The payment client receives the authentication instruction issued by the server, and sends the downlink authentication information, in payment authentication information, to the wearable device specified in the authentication instruction;
The wearable device receives the payment authentication information sent by the payment client and extracts from it the downlink authentication information that the server issued based on the user's payment request sent by the payment client; it generates uplink authentication information from the stored device authentication key and the downlink authentication information, and sends the uplink authentication information to the payment client;
The payment client receives the uplink authentication information returned by the wearable device and sends the uplink authentication information to the server in authentication response information;
The server receives the authentication response information, carrying the uplink authentication information, returned by the payment client, and matches the downlink authentication information and the uplink authentication information using the server authentication key of the user; if the match succeeds, the user passes authentication, and the payment operation is performed after authentication passes. The server authentication key of the user is identical to or corresponds to the device authentication key of the wearable device specified in the authentication instruction.
In this embodiment, an identical or corresponding server authentication key and device authentication key are set on the server and on the wearable device, and the wearable device is authenticated using the device authentication key and the server authentication key, thereby completing payment authentication of the user corresponding to that wearable device. This allows the user to pay with the wearable device on the payment client without remembering an account and password and without entering them during authentication, which reduces the burden on the user and improves payment efficiency.
In an application example of the present application, after the user registers a bracelet with the payment server through a client app (application) running on a mobile phone terminal, the user can complete network payment with the bracelet without entering an account and password. A paired server public key and terminal private key, and a paired server private key and terminal public key, are preset on the payment server and the client app. The payment server may be the server that runs the server-side program corresponding to the client app, or the server of a third-party payment platform that supports the client app. The detailed flow is as follows:
Through the client app running on the mobile phone terminal (hereinafter the client), the user can send a wearable device registration request to the payment server to apply to enable bracelet payment. In the registration request, the client uploads to the server the user identifier (the user's account on the payment server), the mobile phone terminal identifier (IMEI) and the bracelet identifier (the bracelet's MAC address).
The payment server generates, by a predetermined algorithm, a symmetric key for authenticating the bracelet (that is, an identical server authentication key and device authentication key). After signing the symmetric key together with the user identifier and bracelet identifier using the preset server private key, it encapsulates them in a write instruction and sends the write instruction to the client over the encrypted channel between the payment server and the client.
After receiving the write instruction from the server side, the client first verifies the legitimacy of the data in the write instruction against the preset terminal public key; if the data is not legitimate, it directly rejects the write instruction. After the legitimacy check passes, the client connects to the bracelet specified in the write instruction and, once connected, writes the symmetric key issued by the payment server into the bracelet. While the symmetric key is being written to the bracelet, the user needs to tap the bracelet to confirm the write operation; after the user taps the bracelet, the symmetric key is written to the bracelet's storage area.
After the write operation succeeds, the client generates a pair of asymmetric keys according to the user identifier, namely the user public key and user private key corresponding to the user identifier. The client signs the result of whether the write operation succeeded, the bracelet identifier and the generated user public key using the preset terminal private key, encapsulates the signed information in a write response, and sends it to the payment server over the encrypted channel. The client stores the user private key locally.
After receiving the client's write response, the payment server first verifies the client's signature using the preset server public key; if verification fails, it rejects the client's registration request. After signature verification passes, the payment server issues a password confirmation request to the client, requiring the client to provide the user password of the account on the payment server.
The client displays to the user a prompt to enter the password, and the user enters in the client the password of their account on the payment server. The client sends the received password to the payment server in a password confirmation response.
The payment server checks the user password in the password confirmation response. After the check passes, it saves the correspondence among the symmetric key (the server authentication key), the user identifier, the mobile phone terminal identifier, the bracelet identifier and the user public key generated by the client, and notifies the client that the bracelet has been registered successfully; the registration process ends.
After the bracelet has been registered successfully on the payment server, when the user wishes to pay with the bracelet, the client sends an authentication request for the payment to the server. The authentication request includes the order information to be paid, the user identifier, the mobile phone terminal identifier and the bracelet identifier.
After receiving the client's authentication request, the payment server compares the mobile phone terminal identifier in the authentication request with the mobile phone terminal identifier that, in the saved correspondence, corresponds to the bracelet identifier in the authentication request. If they differ, it rejects the authentication request and payment fails. If they are the same, the payment server generates random plaintext data and uses this plaintext data as the downlink authentication information. After signing the downlink authentication information, user identifier and bracelet identifier with the preset server private key, the payment server encapsulates them in a detection instruction and sends it to the client over the encrypted channel with the client.
After receiving the payment server's detection instruction, the client first verifies the legitimacy of the signed data in the detection instruction against the preset terminal public key; if the data is not legitimate, it rejects the detection instruction and payment fails. After the legitimacy check on the signature passes, the client connects to the bracelet specified in the detection instruction and, once connected, sends the downlink authentication information in the detection instruction to the bracelet. The bracelet encrypts the downlink authentication information with the stored symmetric key to generate the uplink authentication information, and returns the uplink authentication information to the client. The bracelet's encryption of the downlink authentication information does not require tap confirmation from the user, which further reduces user operations and improves the user experience.
After the client receives the uplink authentication information generated by the bracelet, it signs the uplink authentication information with the locally stored user private key, encapsulates the signed data and the bracelet identifier in a detection response, and sends it to the payment server over the encrypted channel with the payment server.
After receiving the detection response uploaded by the client, the payment server verifies the signature on the detection response using the user public key that corresponds to the bracelet identifier in the detection response; if signature verification fails, the authentication request fails. After signature verification succeeds, the payment server encrypts the downlink authentication information with the symmetric key corresponding to the bracelet identifier and compares the encrypted data with the uplink authentication information in the detection response, that is, it compares whether the downlink authentication information as encrypted by the payment server and the downlink authentication information as encrypted by the bracelet are the same. If they are the same, it returns an authentication success message to the client and continues with payment of the order; if not, it returns an authentication failure message to the client. After the client receives the authentication success message, it completes the payment operation for the user's order together with the payment server; if the client receives the authentication failure message, it notifies the user that this payment cannot be completed because authentication failed.
Corresponding to the process implementations above, the embodiments of the present application also provide a device for authenticating a user applied on a server, a device for authenticating a user applied on a terminal that connects to the user's wearable device, a device for registering a wearable device applied on a server, a device for registering a wearable device applied on a terminal, a payment device applied on a server, a payment device applied on a terminal, and a payment device applied on a wearable device. These devices can be implemented in software, or in hardware or a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed by the CPU of the server, terminal, or wearable device reading the corresponding computer program instructions into memory and running them. At the hardware level, in addition to the CPU, memory, and non-volatile storage shown in Fig. 6, the terminal or wearable device where the device resides usually also includes other hardware such as a chip for transmitting and receiving wireless signals, and the server where the device resides usually also includes other hardware such as a board for implementing network communication functions.
Fig. 7 shows a device for authenticating a user provided in this embodiment, applied on a server. The server stores the correspondence among the user's user identifier, wearable device identifier, and server authentication key. The device includes an authentication request receiving unit, a detection instruction issuing unit, a detection response receiving unit, and a matching unit, wherein: the authentication request receiving unit is used to receive an authentication request sent by the user through a terminal, the authentication request carrying the user's user identifier and/or wearable device identifier; the detection instruction issuing unit is used to obtain downlink authentication information and to issue to the terminal a detection instruction carrying the downlink authentication information and the user's wearable device identifier; the detection response receiving unit is used to receive the detection response returned by the terminal that carries uplink authentication information, the uplink authentication information being generated by the wearable device specified in the detection instruction from the device authentication key and the downlink authentication information, the device authentication key being identical or corresponding to the server authentication key; the matching unit is used to match the downlink authentication information against the uplink authentication information using the user's server authentication key, and if the match succeeds, the user passes authentication.
Optionally, the server also stores the user's client public key; the client public key corresponds to the user's user identifier, wearable device identifier, and server authentication key, and forms a key pair with the user private key stored on the terminal. The detection response returned by the terminal is signed with the user private key stored on the terminal. The device further includes a detection response verification unit, used to verify the signature of the terminal's detection response using the user's client public key; if verification fails, the user's authentication fails.
Optionally, the server also stores a terminal identifier, which corresponds to the user's user identifier, wearable device identifier, and server authentication key. The authentication request further includes the identifier of the terminal sending the authentication request. The device further includes a terminal identifier verification unit, used to fail the user's authentication when the terminal identifier corresponding to the user identifier or wearable device identifier in the authentication request differs from the identifier of the terminal sending the authentication request.
Optionally, the server also stores a server private key, which forms a key pair with the terminal public key stored on the terminal. The device further includes a detection instruction signing unit, used to sign the detection instruction with the server private key.
Optionally, the server is a payment server and the authentication request is a payment request. The device further includes a payment service unit, used to provide payment services to a user who has passed authentication.
Fig. 8 shows a device for authenticating a user provided in this embodiment, applied on a terminal that connects to the user's wearable device. The device includes an authentication request sending unit, a detection instruction receiving unit, an uplink authentication information unit, a detection response sending unit, and an authentication result receiving unit, wherein: the authentication request sending unit is used to send an authentication request to the server according to the user's operation, the authentication request carrying the user's user identifier and/or wearable device identifier; the detection instruction receiving unit is used to receive the server's detection instruction, which carries downlink authentication information and a wearable device identifier; the uplink authentication information unit is used to send the downlink authentication information to the wearable device specified in the detection instruction and to receive the uplink authentication information returned by the wearable device, the uplink authentication information being generated by the wearable device from its stored device authentication key and the downlink authentication information, the device authentication key being identical or corresponding to the server authentication key stored on the server; the detection response sending unit is used to send to the server a detection response carrying the uplink authentication information; the authentication result receiving unit is used to receive the user authentication result that the server determines from the uplink authentication information, the downlink authentication information, and the server authentication key.
Optionally, the terminal stores the user's user private key, which forms a key pair with the client public key stored on the server. The device further includes a detection response signing unit, used to sign the detection response with the user's user private key.
Optionally, the terminal stores a terminal public key, which forms a key pair with the server private key stored on the server. The detection instruction issued by the server is signed with the server private key. The device further includes a detection instruction verification unit, used to verify the signature of the server's detection instruction using the terminal public key; if verification fails, the detection instruction is rejected.
Optionally, the authentication request is a payment request, and the terminal completes the user's payment operation after the user authentication result indicates that authentication has passed.
Fig. 9 shows a device for registering a wearable device provided in this embodiment, applied on a server. Divided by function, the device includes a registration request receiving unit, a write instruction issuing unit, and a write response receiving unit, wherein: the registration request receiving unit is used to receive a wearable device registration request sent by the user through a terminal, the registration request carrying the user's user identifier and wearable device identifier; the write instruction issuing unit is used to obtain the user's server authentication key and device authentication key and to issue to the terminal a write instruction carrying the device authentication key and the user's wearable device identifier; the write response receiving unit is used to receive the write response returned by the terminal and, if the write response shows that the device authentication key has been successfully stored in the wearable device specified in the write instruction, to save the correspondence among the user's user identifier, wearable device identifier, and server authentication key.
Optionally, the write response receiving unit includes a password confirmation request issuing module and a password confirmation response receiving module, wherein: the password confirmation request issuing module is used to issue a password confirmation request to the terminal when the write response shows that the device authentication key has been successfully stored in the wearable device specified in the write instruction; the password confirmation response receiving module is used to receive the password confirmation response from the terminal carrying the user password and, if the user password is correct, to save the correspondence among the user's user identifier, wearable device identifier, and server authentication key.
Optionally, the write response returned by the terminal further includes the client public key generated by the terminal. The password confirmation response receiving unit is specifically used to: receive the password confirmation response from the terminal carrying the user password and, if the user password is correct, save the correspondence among the user's user identifier, wearable device identifier, server authentication key, and client public key.
Optionally, the server also stores a server private key and a server public key. The server private key forms a key pair with the terminal public key stored on the terminal; the server public key forms a key pair with the terminal private key stored on the terminal. The device further includes a write instruction signing unit, used to sign the write instruction with the server private key. The device further includes a write response verification unit, used to verify the signature of the terminal's write response using the server public key; if verification fails, the registration request is rejected.
Fig. 10 shows a device for registering a wearable device provided in this embodiment, applied on a terminal. Divided by function, the device includes a registration request sending unit, a write instruction receiving unit, a write operation execution unit, and a write response sending unit, wherein: the registration request sending unit is used to send a wearable device registration request to the server according to the user's operation, the registration request carrying the user's user identifier and wearable device identifier; the write instruction receiving unit is used to receive the server's write instruction, which carries the device authentication key and the user's wearable device identifier; the write operation execution unit is used to perform the operation of writing the device authentication key to the wearable device specified in the write instruction; the write response sending unit is used to send a write response to the server, the write response carrying a message indicating whether the device authentication key was written successfully.
Optionally, the device further includes a password confirmation request receiving unit, used to receive the server's password confirmation request after the write response has been sent to the server, and to return the user password entered by the user to the server in a password confirmation response.
Optionally, the device further includes a user key generation unit, used to generate the user's user private key and client public key after the operation of writing the device authentication key succeeds, and to save the user private key. The write response also carries the user's client public key.
Optionally, the terminal stores a terminal public key and a terminal private key. The terminal public key forms a key pair with the server private key stored on the server; the terminal private key forms a key pair with the server public key stored on the server. The device further includes a write instruction verification unit, used to verify the signature of the server's write instruction using the terminal public key; if verification fails, the write instruction is rejected. The device further includes a write response signing unit, used to sign the write response with the terminal private key.
An embodiment of the present application provides a payment device, applied on a server. Divided by function, it includes a payment request receiving unit, an authentication instruction issuing unit, an authentication response receiving unit, and a payment matching unit, wherein: the payment request receiving unit is used to receive a payment request sent by the user through a payment client, the payment request carrying the user's user identifier and/or wearable device identifier; the authentication instruction issuing unit is used to obtain downlink authentication information and to issue to the payment client an authentication instruction that includes the downlink authentication information and the wearable device identifier; the authentication response receiving unit is used to receive the authentication response information returned by the payment client that carries uplink authentication information, the uplink authentication information being generated by the wearable device specified in the authentication instruction from the device authentication key and the downlink authentication information, the device authentication key being identical or corresponding to the server authentication key; the payment matching unit is used to match the downlink authentication information against the uplink authentication information using the user's server authentication key; if the match succeeds, the user passes authentication, and the payment operation is carried out after authentication passes.
Optionally, the payment request is triggered by the user selecting, on the payment client, information indicating that payment is to be made through the wearable device.
An embodiment of the present application provides a payment device, applied on a terminal. Divided by function, it includes a payment request sending unit, an authentication instruction receiving unit, and an authentication response sending unit, wherein: the payment request sending unit is used to send a payment request to the server in response to the user's payment operation on the payment client, the payment request carrying the user's user identifier and/or wearable device identifier; the authentication instruction receiving unit is used to receive the authentication instruction issued by the server, which includes downlink authentication information and a wearable device identifier, and to send the downlink authentication information to the wearable device so that the wearable device generates uplink authentication information from its own stored device authentication key and the downlink authentication information; the authentication response sending unit is used to receive the uplink authentication information returned by the wearable device and send it to the server, so that the server authenticates the user based on the uplink authentication information and carries out the payment operation after authentication passes.
Optionally, the user's payment operation on the payment client is specifically an operation in which the user chooses to pay through the wearable device.
An embodiment of the present application provides a payment device for a wearable device, applied on the wearable device. Divided by function, it includes a payment authentication information receiving unit and an uplink authentication information generation unit, wherein: the payment authentication information receiving unit is used to receive the payment authentication information sent by the payment client, the payment authentication information including the downlink authentication information that the server issued in response to the user's payment request sent by the payment client; the uplink authentication information generation unit is used to generate uplink authentication information from the stored device authentication key and the downlink authentication information, and to send the uplink authentication information to the payment client so that the payment client forwards it to the server, allowing the server to authenticate the user based on the uplink authentication information and to carry out the payment operation after authentication passes.
Optionally, the device further includes a payment binding unit, used to save the device authentication key carried in a payment binding request, in response to the payment binding request issued by the user through the payment client.
The foregoing describes only preferred embodiments of the present application and is not intended to limit the application. Any modification, equivalent substitution, improvement, and the like made within the spirit and principles of the present application shall fall within the scope of protection of the present application.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
Memory may include, among computer-readable media, non-volatile memory, random access memory (RAM), and/or non-volatile memory in forms such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise", or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity, or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, commodity, or device. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, commodity, or device that includes the element.
Those skilled in the art will understand that the embodiments of the present application can be provided as a method, a system, or a computer program product. Accordingly, the present application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present application can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, and the like) that contain computer-usable program code.

Claims (47)

1. A method for authenticating a user, applied on a server, characterized in that the server stores the correspondence among a user's user identifier, wearable device identifier, and server authentication key, the method comprising:
receiving an authentication request sent by the user through a terminal, the authentication request carrying the user's user identifier and/or wearable device identifier;
obtaining downlink authentication information, and issuing to the terminal a detection instruction carrying the downlink authentication information and the user's wearable device identifier;
receiving the detection response returned by the terminal that carries uplink authentication information, the uplink authentication information being generated by the wearable device specified in the detection instruction from the device authentication key and the downlink authentication information, the device authentication key being identical or corresponding to the server authentication key; the specified wearable device being the wearable device having the wearable device identifier;
matching the downlink authentication information against the uplink authentication information using the server authentication key corresponding to the wearable device identifier, the user passing authentication if the match succeeds.
2. The method according to claim 1, characterized in that the server also stores the user's client public key, the client public key corresponding to the user's user identifier, wearable device identifier, and server authentication key, and forming a key pair with the user private key stored on the terminal;
the detection response returned by the terminal is signed with the user private key stored on the terminal;
the method further comprises: verifying the signature of the terminal's detection response using the user's client public key, the user's authentication failing if verification fails.
3. The method according to claim 1, characterized in that the server also stores a terminal identifier, the terminal identifier corresponding to the user's user identifier, wearable device identifier, and server authentication key;
the authentication request further includes: the identifier of the terminal sending the authentication request;
the method further comprises: if the terminal identifier corresponding to the user identifier or wearable device identifier in the authentication request differs from the identifier of the terminal sending the authentication request, the user's authentication fails.
4. The method according to any one of claims 1 to 3, characterized in that the server also stores a server private key, the server private key forming a key pair with the terminal public key stored on the terminal;
the method further comprises: signing the detection instruction with the server private key.
5. The method according to any one of claims 1 to 3, characterized in that the detection instruction and the detection response are transmitted over an encrypted channel between the server and the terminal.
6. The method according to any one of claims 1 to 3, characterized in that the server is a payment server and the authentication request is a payment request;
the method further comprises: providing payment services to a user who has passed authentication.
7. A method for authenticating a user, applied on a terminal that connects to the user's wearable device, characterized in that the method comprises:
sending an authentication request to a server according to the user's operation, the authentication request carrying the user's user identifier and/or wearable device identifier;
receiving the server's detection instruction, the detection instruction carrying downlink authentication information and a wearable device identifier;
sending the downlink authentication information to the wearable device specified in the detection instruction, and receiving the uplink authentication information returned by the wearable device; the uplink authentication information being generated by the wearable device from its stored device authentication key and the downlink authentication information, the device authentication key being identical or corresponding to the server authentication key stored on the server; the specified wearable device being the wearable device having the wearable device identifier;
sending to the server a detection response carrying the uplink authentication information;
receiving the user authentication result that the server determines from the uplink authentication information, the downlink authentication information, and the server authentication key corresponding to the wearable device identifier.
8. The method according to claim 7, characterized in that the terminal stores the user's user private key, the user private key forming a key pair with the client public key stored on the server;
the method further comprises: signing the detection response with the user's user private key.
9. The method according to claim 7 or 8, characterized in that the terminal stores a terminal public key, the terminal public key forming a key pair with the server private key stored on the server;
the detection instruction issued by the server is signed with the server private key;
the method further comprises: verifying the signature of the server's detection instruction using the terminal public key, and rejecting the detection instruction if verification fails.
10. The method according to claim 7 or 8, characterized in that the authentication request is a payment request, and the terminal completes the user's payment operation after the user authentication result indicates that authentication has passed.
11. A method for registering a wearable device, applied on a server, characterized by comprising:
receiving a wearable device registration request sent by a user through a terminal, the registration request carrying the user's user identifier and wearable device identifier;
obtaining the server authentication key and device authentication key corresponding to the wearable device identifier, and issuing to the terminal a write instruction carrying the device authentication key and the user's wearable device identifier;
receiving the write response returned by the terminal and, if the write response shows that the device authentication key has been successfully stored in the wearable device specified in the write instruction, saving the correspondence among the user's user identifier, wearable device identifier, and server authentication key; the specified wearable device being the wearable device having the wearable device identifier; the correspondence being used to authenticate the specified wearable device by using the device authentication key and the server authentication key, thereby authenticating the user.
12. The method according to claim 11, characterized in that saving the correspondence among the user's user identifier, wearable device identifier, and server authentication key comprises:
issuing a password confirmation request to the terminal;
receiving the password confirmation response from the terminal carrying the user password and, if the user password is correct, saving the correspondence among the user's user identifier, wearable device identifier, and server authentication key.
13. The method according to claim 11 or 12, characterized in that the write response returned by the terminal further includes the client public key generated by the terminal;
saving the correspondence among the user's user identifier, wearable device identifier, and server authentication key further comprises: saving the correspondence among the user's user identifier, wearable device identifier, server authentication key, and client public key.
14. The method according to claim 11 or 12, characterized in that the server also stores a server private key and a server public key; the server private key forms a key pair with the terminal public key stored on the terminal; the server public key forms a key pair with the terminal private key stored on the terminal;
the method further comprises: signing the write instruction with the server private key;
the method further comprises: verifying the signature of the terminal's write response using the server public key, and rejecting the registration request if verification fails.
15. A method for registering a wearable device, applied on a terminal, characterized by comprising:
sending a wearable device registration request to a server according to the user's operation, the registration request carrying the user's user identifier and wearable device identifier;
receiving the server's write instruction, the write instruction carrying the device authentication key and the user's wearable device identifier;
performing the operation of writing the device authentication key to the wearable device specified in the write instruction; the specified wearable device being the wearable device having the wearable device identifier;
sending a write response to the server, the write response carrying a message indicating whether the device authentication key was written successfully, so that the server, after receiving a message that the device authentication key was written successfully, saves the correspondence among the user's user identifier, wearable device identifier, and server authentication key; the correspondence being used by the server to authenticate the specified wearable device by using the device authentication key and the server authentication key, thereby authenticating the user; the server authentication key being identical or corresponding to the device authentication key.
16. The method according to claim 15, characterized in that the method further comprises: after sending the write response to the server, receiving the server's password confirmation request, and returning the user password entered by the user to the server in a password confirmation response.
17. The method according to claim 15 or 16, characterized in that the method further comprises: after the operation of writing the device authentication key succeeds, generating the user's user private key and client public key, and saving the user private key;
the write response also carries the user's client public key.
18. The method according to claim 15 or 16, characterized in that the terminal stores a terminal public key and a terminal private key; the terminal public key forms a key pair with the server private key stored on the server; the terminal private key forms a key pair with the server public key stored on the server;
the method further comprises: verifying the signature of the server's write instruction using the terminal public key, and rejecting the write instruction if verification fails;
the method further comprises: signing the write response with the terminal private key.
19. A device for authenticating a user, applied on a server, characterized in that the server stores the correspondence among a user's user identifier, wearable device identifier, and server authentication key, the device comprising:
an authentication request receiving unit, used to receive an authentication request sent by the user through a terminal, the authentication request carrying the user's user identifier and/or wearable device identifier;
a detection instruction issuing unit, used to obtain downlink authentication information and to issue to the terminal a detection instruction carrying the downlink authentication information and the user's wearable device identifier;
a detection response receiving unit, used to receive the detection response returned by the terminal that carries uplink authentication information, the uplink authentication information being generated by the wearable device specified in the detection instruction from the device authentication key and the downlink authentication information, the device authentication key being identical or corresponding to the server authentication key; the specified wearable device being the wearable device having the wearable device identifier;
a matching unit, used to match the downlink authentication information against the uplink authentication information using the server authentication key corresponding to the wearable device identifier, the user passing authentication if the match succeeds.
20. The device according to claim 19, characterized in that the server also stores a user public key of the user, the user public key corresponding to the user's user identifier, wearable device identifier and server authentication key, and forming a key pair with the user private key stored on the terminal;
The detection response returned by the terminal is signed with the user private key stored on the terminal;
The device further comprises: a detection response verification unit, for verifying the signature of the terminal's detection response according to the user public key of the user, the user authentication failing if verification fails.
21. The device according to claim 19, characterized in that the server also stores a terminal identifier, the terminal identifier corresponding to the user's user identifier, wearable device identifier and server authentication key;
The authentication request further includes: the terminal identifier of the terminal sending the authentication request;
The device further comprises: a terminal identifier verification unit, for failing the user authentication when the terminal identifier corresponding to the user identifier or wearable device identifier in the authentication request differs from the terminal identifier of the terminal sending the authentication request.
22. The device according to any one of claims 19 to 21, characterized in that the server also stores a server private key, the server private key forming a key pair with the terminal public key stored on the terminal;
The device further comprises: a detection instruction signing unit, for signing the detection instruction with the server private key.
23. The device according to any one of claims 19 to 21, characterized in that the server is a payment server, and the authentication request is a payment request;
The device further comprises: a payment service unit, for providing payment services to a user who has passed authentication.
24. A device for authenticating a user, applied on a terminal to which the user's wearable device is connected, characterized in that the device comprises:
An authentication request sending unit, for sending an authentication request to a server according to a user operation, the authentication request carrying the user identifier and/or wearable device identifier of the user;
A detection instruction receiving unit, for receiving a detection instruction from the server, the detection instruction carrying downlink authentication information and a wearable device identifier;
An uplink authentication information unit, for sending the downlink authentication information to the wearable device specified in the detection instruction and receiving the uplink authentication information returned by the wearable device; the uplink authentication information is generated by the wearable device according to its stored device authentication key and the downlink authentication information, the device authentication key being identical to or corresponding to the server authentication key stored on the server; the specified wearable device is the wearable device having the wearable device identifier;
A detection response sending unit, for sending to the server a detection response carrying the uplink authentication information;
An authentication result receiving unit, for receiving the user authentication result determined by the server according to the uplink authentication information, the downlink authentication information and the server authentication key corresponding to the wearable device identifier.
25. The device according to claim 24, characterized in that the terminal stores the user private key of the user, the user private key forming a key pair with the user public key stored on the server;
The device further comprises: a detection response signing unit, for signing the detection response with the user private key of the user.
26. The device according to claim 24 or 25, characterized in that the terminal stores a terminal public key, the terminal public key forming a key pair with the server private key stored on the server;
The detection instruction issued by the server is signed with the server private key;
The device further comprises: a detection instruction verification unit, for verifying the signature of the server's detection instruction according to the terminal public key, and rejecting the detection instruction if verification fails.
27. The device according to claim 24 or 25, characterized in that the authentication request is a payment request, and the terminal completes the user's payment operation after the user authentication result is that authentication passed.
28. A device for registering a wearable device, applied on a server, characterized by comprising:
A registration request receiving unit, for receiving a wearable device registration request sent by a user through a terminal, the registration request carrying the user identifier and wearable device identifier of the user;
A write instruction issuing unit, for obtaining the server authentication key and device authentication key corresponding to the wearable device identifier, and issuing to the terminal a write instruction carrying the device authentication key and the wearable device identifier of the user;
A write response receiving unit, for receiving the write response returned by the terminal and, if the write response shows that the device authentication key has been successfully stored in the wearable device specified in the write instruction, saving the correspondence among the user's user identifier, wearable device identifier and server authentication key; the specified wearable device is the wearable device having the wearable device identifier; the correspondence is used to authenticate the specified wearable device by using the device authentication key and the server authentication key, thereby authenticating the user.
29. The device according to claim 28, characterized in that the write response receiving unit comprises:
A password confirmation request issuing module, for issuing a password confirmation request to the terminal when the write response shows that the device authentication key has been successfully stored in the wearable device specified in the write instruction;
A password confirmation response receiving module, for receiving from the terminal a password confirmation response carrying a user password and, if the user password is correct, saving the correspondence among the user's user identifier, wearable device identifier and server authentication key.
30. The device according to claim 28 or 29, characterized in that the write response returned by the terminal further includes the user public key generated by the terminal;
The write response receiving unit saves the correspondence among the user's user identifier, wearable device identifier, server authentication key and user public key.
31. The device according to claim 28 or 29, characterized in that the server also stores a server private key and a server public key; the server private key and the terminal public key stored on the terminal form a key pair; the server public key and the terminal private key stored on the terminal form a key pair;
The device further comprises: a write instruction signing unit, for signing the write instruction with the server private key;
The device further comprises: a write response verification unit, for verifying the signature of the terminal's write response using the server public key, and rejecting the registration request if verification fails.
32. A device for registering a wearable device, applied on a terminal, characterized by comprising:
A registration request sending unit, for sending a wearable device registration request to a server according to a user operation, the registration request carrying the user identifier and wearable device identifier of the user;
A write instruction receiving unit, for receiving a write instruction from the server, the write instruction carrying the device authentication key and the wearable device identifier of the user;
A write operation execution unit, for performing the operation of writing the device authentication key to the wearable device specified in the write instruction; the specified wearable device is the wearable device having the wearable device identifier;
A write response sending unit, for sending a write response to the server, the write response carrying a message indicating whether the device authentication key was written successfully, so that the server, after receiving the message that the device authentication key was written successfully, saves the correspondence among the user's user identifier, wearable device identifier and server authentication key; the correspondence is used by the server to authenticate the specified wearable device by using the device authentication key and the server authentication key, thereby authenticating the user; the server authentication key is identical to or corresponds to the device authentication key.
33. The device according to claim 32, characterized in that the device further comprises: a password confirmation request receiving unit, for receiving a password confirmation request from the server after the write response has been sent to the server, and returning the user password entered by the user to the server in a password confirmation response.
34. The device according to claim 32 or 33, characterized in that the device further comprises: a user key generation unit, for generating a user private key and a user public key for the user and saving the user private key after the operation of writing the device authentication key succeeds;
The write response also carries the user public key of the user.
35. The device according to claim 32 or 33, characterized in that the terminal stores a terminal public key and a terminal private key; the terminal public key and the server private key stored on the server form a key pair; the terminal private key and the server public key stored on the server form a key pair;
The device further comprises: a write instruction verification unit, for verifying the signature of the server's write instruction using the terminal public key, and rejecting the write instruction if verification fails;
The device further comprises: a write response signing unit, for signing the write response with the terminal private key.
36. A payment method, characterized by comprising:
Receiving a payment request sent by a user through a payment client, the payment request carrying the user identifier and/or wearable device identifier of the user;
Obtaining downlink authentication information, and issuing to the payment client an authentication instruction that includes the downlink authentication information and the wearable device identifier;
Receiving authentication response information returned by the payment client that carries uplink authentication information, the uplink authentication information being generated by the wearable device specified in the authentication instruction according to the device authentication key and the downlink authentication information, the device authentication key being identical to or corresponding to the server authentication key; the specified wearable device is the wearable device having the wearable device identifier;
Matching the downlink authentication information against the uplink authentication information using the server authentication key corresponding to the wearable device identifier, the user passing authentication if the match succeeds, and performing the payment operation after authentication passes.
37. The method according to claim 36, characterized in that the payment request is triggered by the user selecting, on the payment client, information indicating payment through the wearable device.
38. A payment method, characterized by comprising:
In response to a payment operation by a user on a payment client, sending a payment request to a server, the payment request carrying the user identifier and/or wearable device identifier of the user;
Receiving an authentication instruction issued by the server that includes downlink authentication information and the wearable device identifier, and sending the downlink authentication information to the wearable device, so that the wearable device generates uplink authentication information using the device authentication key it stores and the downlink authentication information; the wearable device is the wearable device having the wearable device identifier;
Receiving the uplink authentication information returned by the wearable device and sending it to the server, so that the server authenticates the user according to the uplink authentication information and performs the payment operation after authentication passes.
39. The payment method according to claim 38, characterized in that the payment operation by the user on the payment client is specifically an operation, selected by the user, indicating payment through the wearable device.
40. A payment method for a wearable device, characterized by comprising:
Receiving payment authentication information sent by a payment client, the payment authentication information including the downlink authentication information issued by a server based on a payment request of a user sent by the payment client;
Generating uplink authentication information according to the stored device authentication key and the downlink authentication information, and sending the uplink authentication information to the payment client, so that the payment client sends the uplink authentication information to the server, enabling the server to authenticate the user based on the uplink authentication information and perform the payment operation after authentication passes.
41. The method according to claim 40, characterized by further comprising:
In response to a payment binding request issued by the user through the payment client, saving the device authentication key carried in the payment binding request.
42. A payment device, characterized by comprising:
A payment request receiving unit, for receiving a payment request sent by a user through a payment client, the payment request carrying the user identifier and/or wearable device identifier of the user;
An authentication instruction issuing unit, for obtaining downlink authentication information and issuing to the payment client an authentication instruction that includes the downlink authentication information and the wearable device identifier;
An authentication response receiving unit, for receiving authentication response information returned by the payment client that carries uplink authentication information, the uplink authentication information being generated by the wearable device specified in the authentication instruction according to the device authentication key and the downlink authentication information, the device authentication key being identical to or corresponding to the server authentication key; the specified wearable device is the wearable device having the wearable device identifier;
A payment matching unit, for matching the downlink authentication information against the uplink authentication information using the server authentication key corresponding to the wearable device identifier, the user passing authentication if the match succeeds, and performing the payment operation after authentication passes.
43. The device according to claim 42, characterized in that the payment request is triggered by the user selecting, on the payment client, information indicating payment through the wearable device.
44. A payment device, characterized by comprising:
A payment request sending unit, for sending a payment request to a server in response to a payment operation by a user on a payment client, the payment request carrying the user identifier and/or wearable device identifier of the user;
An authentication instruction receiving unit, for receiving an authentication instruction issued by the server that includes downlink authentication information and the wearable device identifier, and sending the downlink authentication information to the wearable device, so that the wearable device generates uplink authentication information using the device authentication key it stores and the downlink authentication information; the wearable device is the wearable device having the wearable device identifier;
An authentication response sending unit, for receiving the uplink authentication information returned by the wearable device and sending it to the server, so that the server authenticates the user according to the uplink authentication information and performs the payment operation after authentication passes.
45. The device according to claim 44, characterized in that the payment operation by the user on the payment client is specifically an operation, selected by the user, indicating payment through the wearable device.
46. A payment device for a wearable device, characterized by comprising:
A payment authentication information receiving unit, for receiving payment authentication information sent by a payment client, the payment authentication information including the downlink authentication information issued by a server based on a payment request of a user sent by the payment client;
An uplink authentication information generation unit, for generating uplink authentication information according to the stored device authentication key and the downlink authentication information, and sending the uplink authentication information to the payment client, so that the payment client sends the uplink authentication information to the server, enabling the server to authenticate the user based on the uplink authentication information and perform the payment operation after authentication passes.
47. The device according to claim 46, characterized in that the device further comprises: a payment binding unit, for saving, in response to a payment binding request issued by the user through the payment client, the device authentication key carried in the payment binding request.
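The registration and authentication exchange recited in the claims above, as an added Python example (not code from the patent). It assumes the symmetric case in which the device and server authentication keys are identical, assumes the uplink information is HMAC-SHA256 of a random, single-use downlink nonce (the claims fix neither), and leaves out the optional message signatures; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


class Wearable:
    """Wearable device: keeps the device authentication key written at registration."""

    def __init__(self, device_id):
        self.device_id = device_id
        self._device_key = None

    def write_key(self, key):
        self._device_key = key
        return True

    def respond(self, downlink):
        # Assumed construction: uplink = HMAC-SHA256(device key, downlink).
        if self._device_key is None:
            raise RuntimeError("no device authentication key written")
        return hmac.new(self._device_key, downlink, hashlib.sha256).digest()


class Terminal:
    """Terminal: relays write and detection instructions to the named wearable."""

    def __init__(self):
        self._wearables = {}

    def attach(self, wearable):
        self._wearables[wearable.device_id] = wearable

    def handle_write(self, device_id, key):
        # Write response: True only if the specified wearable stored the key.
        wearable = self._wearables.get(device_id)
        return wearable is not None and wearable.write_key(key)

    def handle_detect(self, device_id, downlink):
        # Detection response: uplink information, or None if it cannot be produced.
        wearable = self._wearables.get(device_id)
        if wearable is None:
            return None
        try:
            return wearable.respond(downlink)
        except RuntimeError:
            return None


class Server:
    def __init__(self):
        self._bindings = {}  # (user_id, device_id) -> server authentication key
        self._pending = {}   # (user_id, device_id) -> outstanding downlink nonce

    def register(self, terminal, user_id, device_id):
        key = secrets.token_bytes(32)  # symmetric case: server key == device key
        written = terminal.handle_write(device_id, key)
        if written:
            # The correspondence is saved only after a successful write response.
            self._bindings[(user_id, device_id)] = key
        return written

    def issue_detection(self, user_id, device_id):
        if (user_id, device_id) not in self._bindings:
            return None
        downlink = secrets.token_bytes(16)  # assumption: fresh random nonce
        self._pending[(user_id, device_id)] = downlink
        return downlink

    def verify(self, user_id, device_id, uplink):
        # Pop first so every downlink nonce is accepted at most once.
        downlink = self._pending.pop((user_id, device_id), None)
        key = self._bindings.get((user_id, device_id))
        if downlink is None or key is None or uplink is None:
            return False
        expected = hmac.new(key, downlink, hashlib.sha256).digest()
        return hmac.compare_digest(expected, uplink)  # constant-time match


def authenticate(server, terminal, user_id, device_id):
    """Full exchange: detection instruction, relay to wearable, matching."""
    downlink = server.issue_detection(user_id, device_id)
    if downlink is None:
        return False
    uplink = terminal.handle_detect(device_id, downlink)
    return server.verify(user_id, device_id, uplink)
```

The single-use nonce is what makes a captured uplink value useless for a later request; with a fixed or repeating downlink value the same response would match again.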
CN201510155552.4A 2015-04-02 2015-04-02 Method and device for authenticating a user, method and device for registering a wearable device Active CN106161359B (en)

Priority Applications (12)

Application Number Priority Date Filing Date Title
CN201510155552.4A CN106161359B (en) 2015-04-02 2015-04-02 Method and device for authenticating a user, method and device for registering a wearable device
CN201910718095.3A CN110417797B (en) 2015-04-02 2015-04-02 Method and device for authenticating user
KR1020177031906A KR102242218B1 (en) 2015-04-02 2016-03-15 User authentication method and apparatus, and wearable device registration method and apparatus
PCT/CN2016/076415 WO2016155497A1 (en) 2015-04-02 2016-03-15 User authentication method and device, and wearable device registration method and device
SG11201708032TA SG11201708032TA (en) 2015-04-02 2016-03-15 Method and apparatus for authenticating user, method and apparatus for registering wearable device
ES16771252T ES2820554T3 (en) 2015-04-02 2016-03-15 Method and apparatus for authenticating a user, method and apparatus for registering a wearable device
JP2017551677A JP6646341B2 (en) 2015-04-02 2016-03-15 Method and apparatus for authenticating a user and method and apparatus for registering a wearable device
SG10202004393SA SG10202004393SA (en) 2015-04-02 2016-03-15 Method and apparatus for authenticating user, method and apparatus for registering wearable device
PL16771252T PL3280090T3 (en) 2015-04-02 2016-03-15 User authentication method and device
EP16771252.0A EP3280090B1 (en) 2015-04-02 2016-03-15 User authentication method and device
US15/719,274 US10587418B2 (en) 2015-04-02 2017-09-28 Authenticating a user and registering a wearable device
US16/813,613 US10873573B2 (en) 2015-04-02 2020-03-09 Authenticating a user and registering a wearable device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510155552.4A CN106161359B (en) 2015-04-02 2015-04-02 Method and device for authenticating a user, method and device for registering a wearable device

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201910718095.3A Division CN110417797B (en) 2015-04-02 2015-04-02 Method and device for authenticating user

Publications (2)

Publication Number Publication Date
CN106161359A CN106161359A (en) 2016-11-23
CN106161359B CN106161359B (en) 2019-09-17

Family

ID=57005586

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201510155552.4A Active CN106161359B (en) 2015-04-02 2015-04-02 Method and device for authenticating a user, method and device for registering a wearable device
CN201910718095.3A Active CN110417797B (en) 2015-04-02 2015-04-02 Method and device for authenticating user

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201910718095.3A Active CN110417797B (en) 2015-04-02 2015-04-02 Method and device for authenticating user

Country Status (9)

Country Link
US (2) US10587418B2 (en)
EP (1) EP3280090B1 (en)
JP (1) JP6646341B2 (en)
KR (1) KR102242218B1 (en)
CN (2) CN106161359B (en)
ES (1) ES2820554T3 (en)
PL (1) PL3280090T3 (en)
SG (2) SG11201708032TA (en)
WO (1) WO2016155497A1 (en)

JP2015033038A (en) * 2013-08-05 2015-02-16 ソニー株式会社 Information processing device, information processing method, and computer program
JP2015192377A (en) * 2014-03-28 2015-11-02 富士通株式会社 Method, system and program for key transmission
US9826400B2 (en) * 2014-04-04 2017-11-21 Qualcomm Incorporated Method and apparatus that facilitates a wearable identity manager
CN104065653B (en) * 2014-06-09 2015-08-19 北京石盾科技有限公司 Interactive authentication method, device, system and related device
CN104243484B (en) 2014-09-25 2016-04-13 小米科技有限责任公司 Information interacting method and device, electronic equipment
CN104219058B (en) * 2014-09-28 2018-05-25 小米科技有限责任公司 Authentication, identification authorization method and device
CN106161359B (en) 2015-04-02 2019-09-17 阿里巴巴集团控股有限公司 Method and device for authenticating a user, and method and device for registering a wearable device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102421097A (en) * 2010-09-27 2012-04-18 中国移动通信集团公司 User authorization method, device and system
CN103178969A (en) * 2013-04-16 2013-06-26 河南有线电视网络集团有限公司 Service authentication method and system
CN103716794A (en) * 2013-12-25 2014-04-09 北京握奇数据系统有限公司 Two-way safety verification method and system based on portable device
CN104219626A (en) * 2014-08-25 2014-12-17 北京乐富科技有限责任公司 Identity authentication method and device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12125054B2 (en) 2019-09-25 2024-10-22 Valideck International Corporation System, devices, and methods for acquiring and verifying online information

Also Published As

Publication number Publication date
CN110417797A (en) 2019-11-05
EP3280090B1 (en) 2020-08-26
KR20170134631A (en) 2017-12-06
US20180019878A1 (en) 2018-01-18
CN106161359A (en) 2016-11-23
SG10202004393SA (en) 2020-06-29
US10587418B2 (en) 2020-03-10
JP2018515011A (en) 2018-06-07
PL3280090T3 (en) 2020-11-16
JP6646341B2 (en) 2020-02-14
US10873573B2 (en) 2020-12-22
ES2820554T3 (en) 2021-04-21
WO2016155497A1 (en) 2016-10-06
EP3280090A4 (en) 2018-12-05
US20200213129A1 (en) 2020-07-02
CN110417797B (en) 2021-07-30
KR102242218B1 (en) 2021-04-21
SG11201708032TA (en) 2017-10-30
EP3280090A1 (en) 2018-02-07

Similar Documents

Publication Publication Date Title
CN106161359B (en) Method and device for authenticating a user, and method and device for registering a wearable device
KR102304778B1 (en) System and method for initially establishing and periodically confirming trust in a software application
US20190165947A1 (en) Signatures for near field communications
TWI719216B (en) Graphic code information provision and acquisition method, device and terminal
US20160104154A1 (en) Securing host card emulation credentials
US11636478B2 (en) Method of performing authentication for a transaction and a system thereof
ES2713390T3 (en) Identity verification procedure of a user of a communicating terminal and associated system
CN106527673A (en) Method and apparatus for binding wearable device, and electronic payment method and apparatus
US9445269B2 (en) Terminal identity verification and service authentication method, system and terminal
US20080181401A1 (en) Method of Establishing a Secure Communication Link
CN105812334B (en) Method for network authorization
CN111131416A (en) Business service providing method and device, storage medium and electronic device
El Madhoun et al. A cloud-based secure authentication protocol for contactless-nfc payment
CN105376059A (en) Method and system for performing application signature based on electronic key
Abughazalah et al. Secure mobile payment on NFC-enabled mobile phones formally analysed using CasperFDR
Armando et al. Trusted host-based card emulation
CN104683979B (en) Authentication method and equipment
Lu et al. An NFC-phone mutual authentication scheme for smart-living applications
Faridoon et al. Security Protocol for NFC Enabled Mobile Devices Used in Financial Applications
Pourghomi et al. Java Implementation of a Cloud-based SIM Secure Element NFC Payment Protocol
Chen Secure e-Payment Portal Solutions Using Mobile Technologies and Citizen Identity Scheme
Hampiholi et al. Trusted self-enrolment for attribute-based credentials on mobile phones
Kunning Strong Authentication Protocol using PIV Card with Mobile Devices

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1230361

Country of ref document: HK

GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20200923

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200923

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: Alibaba Group Holding Ltd.